ID CVE-2017-5180
Summary Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option.
References
Vulnerable Configurations
  • cpe:2.3:a:firejail_project:firejail:0.9.38:*:*:*:lts:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.38.2:*:*:*:lts:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.38.4:*:*:*:lts:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.38.6:*:*:*:lts:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.2:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.4:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.6:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.8:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.8.1:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.10:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.12:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.12.1:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.12.2:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.14:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.16:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.20:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.22:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.24:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.26:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.28:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.30:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.30:-:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.32:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.32:-:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.34:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.34:-:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.36:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.36:-:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.38:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.38:-:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.38.2:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.38.4:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.38.6:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.38.8:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.38.10:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.38.12:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.40:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.40:-:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.42:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.42:-:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.44:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.44:-:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.44.2:*:*:*:-:*:*:*
CVSS
Base: 4.6 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:
CWE CWE-862
CAPEC
Access
  Vector: LOCAL
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 95298
gentoo GLSA-201701-62
misc
Last major update 03-10-2019 - 00:03
Published 09-02-2017 - 18:59
Last modified 03-10-2019 - 00:03